ed448

package module
v0.0.0-...-1ecabd2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2023 License: GPL-3.0 Imports: 5 Imported by: 0

README

ed448-goldilocks

Build Status Go Report Card

This is an implementation of the Edwards elliptic curve with a field size of 448, as described by Mike Hamburg in his paper "Ed448-Goldilocks, a new elliptic curve".

API Documentation

GoDoc

Funding

The work made hare was partially supported by the NlNet Foundation. Find information here.

Disclaimer

This code is provided as is and does not have any warranty. Use it at your own risk.

This code is still under constant development so you might want to wait for a future release in order to use it.

This code is a proof of concept of various experiments. Do not use in production. I mainly use it to play with some ideas. Do not use in production.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// Cofactor is the ratio between the order of the group (p) and the one
	// from the subgroup (q).
	Cofactor = byte(4)

	//ScalarQ is the prime order of the curve (q).
	ScalarQ = &scalar{
		0xab5844f3, 0x2378c292, 0x8dc58f55, 0x216cc272,
		0xaed63690, 0xc44edb49, 0x7cca23e9, 0xffffffff,
		0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff,
		0xffffffff, 0x3fffffff,
	}

	//BasePoint is the base point of the curve.
	BasePoint = &twExtendedPoint{
		&bigNumber{
			0x0ffffffe, 0x0fffffff, 0x0fffffff, 0x0fffffff,
			0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff,
			0x00000003, 0x00000000, 0x00000000, 0x00000000,
			0x00000000, 0x00000000, 0x00000000, 0x00000000,
		},
		&bigNumber{
			0x0f752992, 0x081e6d37, 0x01c28721, 0x03078ead,
			0x0394666c, 0x0135cfd2, 0x00506061, 0x041149c5,
			0x0f5490b3, 0x031d30e4, 0x090dc141, 0x09020149,
			0x04c1e328, 0x052341b0, 0x03c10a1b, 0x01423785,
		},
		&bigNumber{
			0x0ffffffb, 0x0fffffff, 0x0fffffff, 0x0fffffff,
			0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff,
			0x0ffffffe, 0x0fffffff, 0x0fffffff, 0x0fffffff,
			0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff,
		},
		&bigNumber{
			0x00660415, 0x08f205b7, 0x0fd3824f, 0x0881c60c,
			0x0d08500d, 0x0377a638, 0x04672615, 0x08c66d5d,
			0x08e08e13, 0x0e52fa55, 0x01b6983d, 0x087770ae,
			0x0a0aa7ff, 0x04388f55, 0x05cf1a91, 0x0b4d9a78,
		},
	}
)

Functions

func DSASign 

func DSASign(sym [57]byte, pub Point, msg []byte) [114]byte

DSASign implements EdDSA style signing for Ed448 - equivalent of goldilocks_ed448_sign

func DSAVerify 

func DSAVerify(sig [114]byte, pub Point, msg []byte) bool

DSAVerify implements EdDSA style verifying for Ed448 equivalent of goldilocks_ed48_verify

func Ed448DeriveSecret 

func Ed448DeriveSecret(pubkey PublicKey, privkey PrivateKey) [56]byte

func Ed448Sign 

func Ed448Sign(privkey PrivateKey, message []byte) [114]byte

func Ed448Verify 

func Ed448Verify(pubkey PublicKey, signature, message []byte) bool

func EdPrivateKeyToX448 

func EdPrivateKeyToX448(edKey PrivateKey) [56]byte

func EdPublicKeyToX448 

func EdPublicKeyToX448(edKey PublicKey) [56]byte

func SignSecretAndNonce 

func SignSecretAndNonce(secret, n PrivateKey, msg []byte) [114]byte

func SignWithPrivate 

func SignWithPrivate(privkey PrivateKey, message []byte) [114]byte

Types

type Point 

type Point interface {
	IsOnCurve() bool
	Equals(q Point) bool
	EqualsMask(q Point) uint32
	Copy() Point
	Add(q, r Point)
	Sub(q, r Point)
	Double() Point
	Encode() []byte
	Decode(src []byte, identity bool) (bool, error)
	EdDSAEncode() []byte
	EdDSADecode(src []byte) bool
}

Point is a interface of a Ed448 point

func NewPoint 

func NewPoint(a [nLimbs]uint32, b [nLimbs]uint32, c [nLimbs]uint32, d [nLimbs]uint32) Point

NewPoint returns an Ed448 point from 4 arrays of 16 uint32.

func NewPointFromBytes 

func NewPointFromBytes(in ...[]byte) Point

NewPointFromBytes returns an Ed448 point from a byte slice.

func PointByPrivate 

func PointByPrivate(p PrivateKey) Point

func PointBySecret 

func PointBySecret(p PrivateKey) Point

func PointDoubleScalarMulNonsecret 

func PointDoubleScalarMulNonsecret(q Point, a, b Scalar) Point

PointDoubleScalarMulNonsecret returns the addition of two multiplications: a given point (q) by a given scalar (b) and the base point of the curve by a given scalar (a): q * b + basePoint * a. @warning: This function takes variable time, and may leak the scalars used. It is designed for signature verification.

func PointScalarMul 

func PointScalarMul(q Point, a Scalar) Point

PointScalarMul returns the multiplication of a given point (p) by a given scalar (a): q * a.

func PrecomputedScalarMul 

func PrecomputedScalarMul(a Scalar) Point

PrecomputedScalarMul returns the multiplication of a given scalar (a) by the precomputed base point of the curve: basePoint * a.

type PrivateKey 

type PrivateKey [57]byte

func BytesToPrivateKey 

func BytesToPrivateKey(key []byte) (pk PrivateKey)

func Ed448GenerateKey 

func Ed448GenerateKey(reader io.Reader) (PrivateKey, error)

func PrivateToSecret 

func PrivateToSecret(pk PrivateKey) PrivateKey

type PublicKey 

type PublicKey [57]byte

func BytesToPublicKey 

func BytesToPublicKey(key []byte) (pk PublicKey)

func Ed448DerivePublicKey 

func Ed448DerivePublicKey(privkey PrivateKey) PublicKey

func PrivateToPublic 

func PrivateToPublic(privkey PrivateKey) PublicKey

func SecretToPublic 

func SecretToPublic(sk PrivateKey) PublicKey

type Scalar 

type Scalar interface {
	Equals(a Scalar) bool
	EqualsMask(a Scalar) uint32
	Copy() Scalar
	Add(a, b Scalar)
	Sub(a, b Scalar)
	Mul(a, b Scalar)
	Halve(a Scalar)
	Invert() bool
	Encode() []byte
	BarretDecode(src []byte) error
	Decode(src []byte)
}

Scalar is a interface of a Ed448 scalar

func NewScalar 

func NewScalar(in ...[]byte) Scalar

NewScalar returns a Scalar in Ed448 with decaf

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.